Information and Network Security and Privacy

The security and privacy of digital media content has been attracting the attention of academia and industry for the past two decades. Since copies of digital content can be made without any loss and at no cost, content vendors and producers are trying to design mechanisms either to avoid or to detect unauthorized copies. Steganography, watermarking and fingerprinting for images, audio and video content are being investigated by different groups worldwide in order to produce practical solutions to these kinds of problems while at the same time satisfying requirements such as security, privacy, capacity, robustness and transparency.

Steganography is also used to send concealed messages in an apparently innocent cover object. Steganalysis techniques are being developed in order to detect whether a multimedia object contains secret information which may be used for malicious purposes.

In general, these topics belong to computer forensic techniques that can be used to provide legal evidence of illegal or criminal actions. This line of research is related to all these issues, with a special focus on networked distribution systems such as online social networks or peer-to-peer applications.

The Internet of Things (IoT) refers to the internetworking of devices (including smartphones), vehicles, embedded systems, sensors, actuators, and other hardware and software components, which enables these objects to collect and exchange data. These data can be used later on (or in real time) for a wide variety of applications. For example, samples of the mobility patterns of a group of people can be used for designing new and more efficient public transportation systems.

Despite the advantages that this information can provide (for example, advising individuals on specific routes to avoid traffic jams), it is clear that the collection and storage of such data raises important ethical issues, such as those concerning information security and users’ privacy. It is essential that the storage and processing of this information is carried out in a way that ensures the privacy of the individuals whose data are collected or who want to enjoy the benefits of this technology.

The project involves designing systems that allow data collection with the required degree of privacy through the use of specific cryptographic protocols, combined with data mining and the management of large amounts of data (big data).

In recent years, the amount of data made publicly available has increased explosively. Embedded within this data there is private information about users and, therefore, data owners must respect users’ privacy when releasing datasets to third parties. In this scenario, anonymization processes become an important concern. Privacy may be breached in various ways, depending on the data type. For instance, medical datasets are published as database tables, so linking this information with publicly available datasets may disclose the identity of some individuals; social network data is usually published as graphs, and there are adversaries that can infer the identity of the users by solving a set of restricted graph isomorphism problems; location privacy concerns the data from phone call networks or applications like Foursquare; and so on.

The simple technique of anonymizing networks by removing identifiers before publishing the actual data does not guarantee privacy. Therefore, various approaches and methods have been developed to deal with each data type and each breach of privacy. The aim of this research is to develop privacy-preserving methods and algorithms that guarantee the users' privacy while keeping data utility as close as possible to that of the original data. These methods have to achieve a trade-off between data privacy and data utility. Consequently, several data mining tasks must be considered in order to quantify the information loss produced on anonymous data. Due to its nature, privacy-preserving data mining (PPDM) involves some very relevant and interesting topics, such as security and privacy issues to ensure anonymity, data mining and machine learning to evaluate data utility and information loss, and also aspects related to big data.
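
The following is an added example, not code from the research group: a release-time check showing why removing identifiers alone leaves tabular data linkable, and how coarsening attributes changes that. The attribute names, both tables and the generalization rule are constructed assumptions, and k-anonymity is a standard measure chosen here, not one the page names.

```python
from collections import Counter

QI = ("zip", "birth_year", "sex")  # assumed quasi-identifier attributes

# Constructed released table: names removed, quasi-identifiers left intact.
RELEASED = [
    {"zip": "08001", "birth_year": 1980, "sex": "F", "diagnosis": "asthma"},
    {"zip": "08002", "birth_year": 1984, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "08003", "birth_year": 1981, "sex": "F", "diagnosis": "flu"},
    {"zip": "08011", "birth_year": 1975, "sex": "M", "diagnosis": "flu"},
    {"zip": "08012", "birth_year": 1979, "sex": "M", "diagnosis": "asthma"},
    {"zip": "08001", "birth_year": 1980, "sex": "F", "diagnosis": "hypertension"},
]
# Constructed public register that carries names and the same attributes.
PUBLIC = [
    {"name": "Resident 1", "zip": "08002", "birth_year": 1984, "sex": "F"},
    {"name": "Resident 2", "zip": "08011", "birth_year": 1975, "sex": "M"},
    {"name": "Resident 3", "zip": "08001", "birth_year": 1980, "sex": "F"},
    {"name": "Resident 4", "zip": "08003", "birth_year": 1981, "sex": "F"},
    {"name": "Resident 5", "zip": "08003", "birth_year": 1981, "sex": "F"},
]

def qi_key(row):
    return tuple(row[a] for a in QI)

def k_anonymity(table):
    """Size of the smallest group of rows sharing one quasi-identifier combination."""
    return min(Counter(qi_key(r) for r in table).values())

def linkable_records(released, public):
    """Released rows whose combination is unique in both tables (one-to-one link)."""
    rel = Counter(qi_key(r) for r in released)
    pub = Counter(qi_key(p) for p in public)
    return [r for r in released if rel[qi_key(r)] == 1 and pub[qi_key(r)] == 1]

def generalize(row):
    """Coarsen the quasi-identifiers: 3-digit zip prefix, birth decade."""
    out = dict(row)
    out["zip"] = row["zip"][:3] + "**"
    out["birth_year"] = row["birth_year"] // 10 * 10
    return out

def audit(released, public):
    """Return (k, number of uniquely linkable rows) for a candidate release."""
    return k_anonymity(released), len(linkable_records(released, public))

if __name__ == "__main__":
    print("identifiers removed only:", audit(RELEASED, PUBLIC))
    coarse_rel = [generalize(r) for r in RELEASED]
    coarse_pub = [generalize(p) for p in PUBLIC]
    print("after generalization:   ", audit(coarse_rel, coarse_pub))
```

The coarsened table no longer distinguishes individual zip codes or birth years, which is the utility cost that has to be weighed against the privacy gain.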

Many online communities exist nowadays: social networks, open source development, Wikipedia, WikiLeaks, etc. These communities generate and share a lot of data, which is commonly hosted on resources belonging to entities not directly related to the participants in the community. This poses a privacy risk for the users, whose profiles (friends, beliefs, political tendencies, hobbies), as well as their routines, can be publicly exposed and inappropriately used.

The aim of this research is the design of a system that allows for powerful community networks while protecting end-users from surveillance and censorship. The system must allow free data interchange between the trusted community members, but must guarantee that users can keep a desired degree of anonymity and unlinkability with respect to both community members and external users, and that no sensitive information can be inferred by means of data mining or traffic analysis.

Geolocated data is generated in almost every application of Information and Communication Technologies (ICTs). A vast amount of information can be obtained to generate spatio-temporal trajectory datasets that can be further mined and analyzed to extract knowledge, such as locations of interest or mobility maps around a city.

Several electronic devices, such as smartphones, can be used as sensors, and the location information obtained from them may be of great use for city planning, thus helping to improve traffic management, tourism, health-related research and commerce, just to mention a few examples.

By continuously sharing our location, we may benefit from location-based services, such as recommendations of places near us that may interest us. However, by sharing our location in real time, we may indirectly reveal private information such as our home location, our preferences, activities and habits. If such knowledge is linked to publicly identified data, our real identities can be associated with this private information.

Hence, while as a society we may benefit from location data, the need to protect the association of such data with our real identities as individuals is evident. This private information may not be shared with others or could even be harmful if it is not properly anonymized and falls into the wrong hands.

Privacy has to be considered in the mining algorithms, and should preferably be considered by design, that is, it should be built into the algorithm from the start.

Therefore, the aim of this research topic is to develop privacy-aware trajectory mining algorithms to provide privacy guarantees to data subjects, while, at the same time, obtaining useful knowledge from the anonymized data.

Blockchain, and more broadly Distributed Ledger Technology (DLT), has proven to go far beyond cryptocurrencies and is transforming certain industries, enabling new business models based on decentralized services. Blockchain can contribute to security and privacy and helps remove intermediaries, empowering final users and making possible new use cases that were not feasible until now. Currently, blockchain projects include proposals in many areas, such as cryptocurrencies, payment systems, supply chains, e-health, e-voting, decentralized identity, collaborative economy, etc.

Within this area of research, we seek not only to improve current blockchain technology, researching ways to enhance security, privacy, scalability, efficiency and other properties of current systems, but also to propose innovative decentralized services based on blockchain.

The number of Internet incidents related to smart devices is increasing every year. According to Gartner's 2017 estimate, there will be over 20 billion IoT devices on the planet in 2020. Malicious hackers are interested in home IoT devices because of the massive number of devices and because security measures are lacking or poorly configured, which turns them into an easy target for cyberattacks. Criminal organizations use the compromised objects to perform illegal activities against external entities (like DDoS attacks), to use computational capacity for their own benefit (e.g. cryptojacking attacks that use the devices to mine cryptocurrencies) or to get confidential and private information about IoT owners.

In order to provide security and trust in smart home environments, we offer two topics of research in this area:

Topic 1: Anomaly detection

This project involves designing anomaly detection techniques to prevent cybersecurity attacks. The challenges of anomaly detection in smart homes are to design a scalable model that can support big data, that works in real time, and that achieves high detection accuracy. The solution will use artificial intelligence approaches based on machine learning and will use distributed technologies to gather data from different homes and have a broader vision of the situation. The solution must also be privacy-preserving.

Topic 2: Authentication and trust

Authenticating objects and data is a key aspect of building trust in IoT. On the one hand, data from motes (very constrained devices) must be authenticated using lightweight protocols. On the other hand, authentication credentials from smart objects must be very easy to configure, since they will be managed by people without a technical background. In this sense, new and smarter authentication protocols need to be developed that can provide authenticity services with the minimum computational and transmission overhead. One of the technologies that will be explored is continuous authentication.